Thursday, January 3, 2019

Hardware wallets are one of the most secure ways to handle cryptocurrencies like bitcoin.
The trezor is a hardware wallet for bitcoin and other cryptocurrencies, made by satoshilabs and used to secure online transactions. Its security resides in the fact that the private key used to sign a transaction never leaves the device.

The hardware wallet device connects via USB to a host computer. Any transaction that sends money to someone must be signed to be considered valid by the cryptocurrency network, such as the bitcoin network. To do that, the transaction is sent to the hardware wallet device via USB. The user can confirm its authenticity on the device display and press a button on the device to sign it with the internal private key. The hardware wallet device then sends the signed transaction back to the computer to be broadcast to the internet. In this process, the private key is never accessed by the computer.

On the other hand, the raspberry pi zero is a low cost, small but powerful computer. You can buy one for about 5$. It is used in numerous projects by tons of developers and hobbyists around the world.

On this web page I will show you how to create your own hardware bitcoin wallet based on the original trezor source code and run it on a raspberry pi zero. This is a fun, low cost, D.I.Y. project for any cryptocurrency enthusiast!

Photos

HDMI Display:

The basic version only needs two push buttons connected to the pi zero to act as the 2 input buttons of the device. The pi zero has an HDMI connector that is used for output in this configuration. This is a simple solution to start with.

Only two buttons required!

OLED Display:

Instead of using the HDMI connector, a small OLED display can be attached to the pi zero. In that case, I recommend using a small plastic box to protect the components and to give a more professional look!

Quick start guide:

List of required components:

Required components for the PiTrezor

A raspberry pi zero. You don't need the pi zero W, which probably costs a little bit more than the regular pi zero, but it will work anyway. The difference is that the pi zero W has wifi and bluetooth, but this project doesn't use them. The network drivers are not loaded by the platform, so the W can be considered as secure.

An SD card. The image to write on the SD card is very small (around 50 Megs) so virtually any decent SD card should work. Make sure you have one that is compatible with the pi.

A good micro-usb to usb cable.

A mini HDMI male to HDMI female adapter to verify the output via the HDMI output. You need an HDMI cable and a TV or monitor too!

Two push buttons (normally open contact, SPST)

Some wires to solder the buttons to the pi zero

Optionally, an I2C or SPI OLED display. Supported OLEDs are based on the SH1106 controller or the Adafruit controller.

Optionally, a box or enclosure for a more professional look.

You will also need standard tools like a soldering iron, pliers, ...

Of course, if you are using the Adafruit bonnet, you don't need separate push buttons or an OLED. Refer to the Adafruit documentation about how to connect the bonnet to the pi zero.

Step-By-Step instructions:

If you don't have the software called "etcher" already installed on your computer, download it here: https://etcher.io/. This software is used to write the program image to the SD card.

Start etcher and follow the instructions. You will need to connect the SD card to your computer to flash the pitrezor image file.

After the card is flashed, put it in the SD card slot in the pi zero.

Connect the HDMI output to a monitor or tv using the cable and adapter.

Connect the USB cable in the USB port near the center of the pi zero, not the one near the corner. Refer to next picture.

Connect the other end of the USB cable to your computer or a USB power supply. You should see the pi zero boot sequence in the monitor and after 4-5 seconds the trezor logo should appear. Good! That confirms that your pi zero and SD card are working correctly.

At this point you cannot do much, so disconnect the USB cable, HDMI adapter and cable and remove SD card.

If you are using the Adafruit bonnet, it is time to connect it and go straight to the "Configuration" section below. Otherwise, continue reading.

Solder the 2 buttons to the pi zero as shown in the following diagram. The left button (called "no") is connected to pins 30 and 32 (in yellow in the next picture). The right button (called "yes") is connected to pins 34 and 36 (in red in the picture). This is the default setup but can be tweaked from the configuration file.

connecting the button

Put back the SD card in the pi zero and reconnect the HDMI and USB cable back to your computer.

It should boot again; otherwise, something went wrong during the soldering of the buttons :(

You will be asked to install the trezor bridge if you have never done it before. Select your operating system to download the correct bridge software and perform the installation. If you plan to use the trezor beta wallet, the bridge installation is optional but you must use a recent version of chrome.

If you don't plan to use the bridge on Linux, don't forget to set the permissions accordingly. Refer to setting up chrome on linux.

If the bridge is already installed, you should see a message that invites you to connect your trezor. Connect the USB cable of your pi zero.

The browser application should detect the device and invite you to perform the trezor setup.

During the setup you will need the buttons to, at least, go from one seed word to another.

If all is working correctly you can disconnect everything to solder the OLED display. The I2C OLED display needs 4 wires to be soldered and the SPI OLED uses 7 wires. Refer to the next picture to determine how to solder the OLED depending on the interface:

Connect the SD card back to your computer and refer to the configuration section below to correctly configure your OLED model and orientation. There are only 2 possible orientations, so you can try both and see which one is better for you.

Reconnect everything and retry your device. Now you should see the output on the HDMI connector if connected and also on the OLED at the same time.

If that works, put everything in a box!

Enjoy! And please don't forget to send a donation to help continue the support and updates of this project (see below). Any amount is welcome.

Download

Configuration

If you connect the SD card to your computer you should see a file named "pitrezor.config" in the first partition (boot partition). You can open this file with your favorite text editor. You will be able to change the configuration variables, which are:

TREZOR_OLED_SCALE: This controls the scale factor applied to the display when using the HDMI output. A scale factor of 1 means the default size of 128x64 pixels. A scale factor of 2 will stretch the image to 256x128, and so on.

TREZOR_OLED_TYPE: Specifies the type of OLED connected to the pi zero. The file enumerates the different values and their meanings. Select the one that matches your OLED display.

TREZOR_OLED_FLIP: Set to 0 or 1 to control the image vertically (normal or inverted). This is useful depending on how you assemble the OLED in an enclosure.

TREZOR_GPIO_YES and TREZOR_GPIO_NO: Specify the GPIO numbers to use for the yes/no buttons. If you soldered the buttons as mentioned in the tutorial, you can keep the default values.

When you change a value, keep the line formatting as-is with the export statement. Just change the number after the equal sign. If you change something else, this could prevent the pi trezor application from starting correctly.
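A small check you can run on the edited file before putting the card back in the pi, as an added example (not part of the pitrezor image or its source). It assumes the file is read as shell-style `export NAME=number` lines with `#` comments; the value ranges and the sample numbers are assumptions of this example, not the image's defaults.

```python
import re

# Variable names come from the page; the value ranges are assumptions of this example.
RULES = {
    "TREZOR_OLED_SCALE": lambda v: v >= 1,
    "TREZOR_OLED_TYPE": lambda v: v >= 0,        # the real ids are listed in the file itself
    "TREZOR_OLED_FLIP": lambda v: v in (0, 1),
    "TREZOR_GPIO_YES": lambda v: 0 <= v <= 27,   # BCM GPIO numbers on the 40-pin header
    "TREZOR_GPIO_NO": lambda v: 0 <= v <= 27,
}
STRICT = re.compile(r"export ([A-Za-z_][A-Za-z0-9_]*)=([0-9]+)")


def lint_config(text):
    """Return a list of (line_number, message); an empty list means no problem found."""
    problems, values = [], {}
    for number, line in enumerate(text.split("\n"), 1):
        if line.endswith("\r"):
            # A shell would read the value as "0\r", not "0".
            problems.append((number, "CRLF line ending (saved by a Windows editor?)"))
            line = line[:-1]
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        match = STRICT.fullmatch(line)
        if match is None:
            problems.append((number, "not of the form 'export NAME=<number>'"))
            continue
        name, value = match.group(1), int(match.group(2))
        if name not in RULES:
            problems.append((number, f"unknown variable {name}"))
            continue
        if name in values:
            problems.append((number, f"{name} is set twice"))
        elif not RULES[name](value):
            problems.append((number, f"{name}={value} is out of range"))
        values[name] = value
    for name in RULES:
        if name not in values:
            problems.append((0, f"{name} is missing"))
    yes = values.get("TREZOR_GPIO_YES")
    if yes is not None and yes == values.get("TREZOR_GPIO_NO"):
        problems.append((0, "yes and no buttons share one GPIO"))
    return problems


# Constructed sample files; the numbers are placeholders, not the image's defaults.
GOOD = "\n".join([
    "# constructed sample",
    "export TREZOR_OLED_SCALE=2",
    "export TREZOR_OLED_TYPE=1",
    "export TREZOR_OLED_FLIP=0",
    "export TREZOR_GPIO_YES=16",
    "export TREZOR_GPIO_NO=12",
]) + "\n"
# Three typical editing mistakes: spaces around '=', one CRLF line, both buttons on one GPIO.
BAD = (GOOD.replace("SCALE=2", "SCALE = 2")
           .replace("FLIP=0\n", "FLIP=0\r\n")
           .replace("NO=12", "NO=16"))

if __name__ == "__main__":
    for number, message in lint_config(BAD):
        print(f"line {number}: {message}" if number else message)
```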

For the Adafruit bonnet, you must change the values to these (courtesy of Damian Bevan):

Is this secure ?

The main difference between this device and the real trezor device is that the pi zero stores everything on the SD card. The equivalent of the trezor's flash memory is stored in a file on the first partition. That means that anybody who has your SD card can access your seed words and private key.

However, the wallet supports the use of a passphrase. The passphrase is a kind of extra seed word that is not stored on the SD card. By using a passphrase, you prevent a thief who has your SD card from emptying your wallet.

Thus, the recommendation is to always use a passphrase!
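Why the passphrase protects a stolen SD card, as an added example (not code from the pitrezor or trezor sources): trezor wallets derive their master seed with BIP-39, where the passphrase is mixed into the PBKDF2 salt, so the seed words alone only lead to the empty-passphrase wallet. The seed words below are the public BIP-39 test phrase and the passphrases are constructed.

```python
import hashlib
import hmac
import unicodedata

PBKDF2_ROUNDS = 2048  # fixed by BIP-39


def bip39_seed(mnemonic, passphrase=""):
    """Derive the 64-byte BIP-39 seed from the seed words and an optional passphrase."""
    # BIP-39 requires NFKD normalisation of both inputs before hashing.
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, PBKDF2_ROUNDS, dklen=64)


def same_wallet(mnemonic, passphrase_a, passphrase_b):
    """True when both passphrases lead to the same seed, i.e. the same wallet."""
    return hmac.compare_digest(bip39_seed(mnemonic, passphrase_a),
                               bip39_seed(mnemonic, passphrase_b))


# Public BIP-39 test phrase: never use it for real funds.
SEED_WORDS = ("abandon abandon abandon abandon abandon abandon "
              "abandon abandon abandon abandon abandon about")


def demo():
    """Compare what the stored words give with what the owner's passphrase gives."""
    words_only = bip39_seed(SEED_WORDS)                  # all that the seed words allow
    owner = bip39_seed(SEED_WORDS, "constructed example passphrase")
    return {
        "words_only": words_only.hex()[:16],
        "owner": owner.hex()[:16],
        # Different seed means different keys and addresses: the funds sit elsewhere.
        "words_alone_open_owner_wallet": hmac.compare_digest(words_only, owner),
        # Every passphrase is "valid": a typo or a case change silently opens
        # another, empty wallet instead of raising an error.
        "case_matters": not same_wallet(SEED_WORDS, "Passphrase", "passphrase"),
        # NFKD makes composed and decomposed accents equivalent across hosts.
        "unicode_forms_equal": same_wallet(SEED_WORDS, "caf\u00e9", "cafe\u0301"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With only 2048 PBKDF2 rounds, a short or guessable passphrase can be searched offline by someone holding the seed words, so the protection is only as strong as the passphrase itself.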

Updating from previous pitrezor image

If you are updating your pitrezor to the latest image, you will need your seed words with you:

Flash the SD card with the latest image.

Disconnect and reconnect the SD card to your computer.

Redo the modifications you made previously in the pitrezor.config file.

Remove the SD card from your computer and install it in the pi zero.

Boot your pitrezor as usual.

When you go to the wallet web site, your pitrezor will be detected as a new device. Select the recover option. You will have to enter all the words of your seed word list.

Don't forget to enable the passphrase option afterwards if you were using one before. You should!

Copyright and Legal Warning

There are inherent dangers in the use of any software available for
download on the Internet, and I caution you to make sure that you
completely understand the potential risks before downloading any of the
software. The Software and SD card image available on this website are provided
"as is" without warranty of any kind, either express or implied. Use at
your own risk. The use of the software and SD card image downloaded on this site is done
at your own discretion and risk and with agreement that you will be
solely responsible for any damage to your computer system or loss of
data that results from such activities. You are solely responsible for
adequate protection and backup of the data and equipment used in
connection with any of the software, and I will not be liable for any
damages that you may suffer in connection with using, modifying or
distributing any of this software. No advice or information, whether
oral or written, obtained by you from me or from this website shall
create any warranty for the software. I make no warranty that:

the software will meet your requirements

the software will be uninterrupted, timely, secure or error-free

the results that may be obtained from the use of the software will be effective, accurate or reliable

the quality of the software will meet your expectations

any errors in the software obtained from me will be corrected.

The software, SD card image and its documentation made available on this website:

could include technical or other mistakes, inaccuracies or
typographical errors. I may make changes to the software or
documentation made available on its web site at any time without
prior-notice.

may be out of date, and I make no commitment to update such materials.

I assume no responsibility for errors or omissions in the software or documentation available from its web site. In no event shall I be liable to you or any third parties for any
special, punitive, incidental, indirect or consequential damages of any
kind, or any damages whatsoever, including, without limitation, those
resulting from loss of use, data or profits, and on any theory of
liability, arising out of or in connection with the use of this
software.

Make sure you get the proper oled device. Right now I'm supporting only I2C (not SPI).

For the update, I will align my updates on the official firmware release from trezor. Basically you will have 2 options. I will post a page with the details on first update. 1) You simply reflash the sd card. That means you will lose all your data and will have to reenter your seed words via the wallet application. 2) You back up the emulator.img file in the boot partition on a computer. Then you flash the sd card and you move back the emulator.img file. This is an extra manipulation but will save time.

Would it be possible to add g_mass_storage to use the rest of the sd card? E.g. a third partition that takes up the remaining space and gets mounted as a usb drive when plugged in to devices. I guess it would only be useful if the pi doesn't get unplugged.

Exactly, I think there will be some risk of corruption if not disconnected at the right moment but that would be possible. A bootup script could extend the partition, format it and export it as usb key. Do you have an idea in mind about its usage?

The different bridges and the chrome plugin could be downloaded and put in a usb image but the trezor javascript wallet code doesn't seem to be on trezor github anymore. Maybe an alternative like electrum, that can use the trezor hardware, could be preinstalled.

Please let me know if that works correctly. I don't have this oled myself to test but the driver code in the platform should work. The I2C wiring is the same. I only tested using oled with sh1106 controller.

Btw, next release will also have SPI interface oled driver code in it.

https://learn.adafruit.com/monochrome-oled-breakouts/wiring-128x64-oleds If I'm reading this right, Vin needs 5v but you have it plugged into pin 1 and that's 3.3v. http://webofthings.org/wp-content/uploads/2016/10/pi-gpio.png Pin 2 and 4 are 5v.

I don't think you need rst to be connected in i2c mode. Maybe the 3.3v / 5v is the solution. Otherwise, you can probably follow adafruit tutorial to make sure its driver is working correctly. I found some tutorial for the 128x32 at https://learn.adafruit.com/adafruit-pioled-128x32-mini-oled-for-raspberry-pi?view=all to start playing with.

Hi, Awesome tutorial. I am also using the "Adafruit 128x64 OLED Bonnet for Raspberry Pi" (https://www.adafruit.com/product/3531). I changed the config file to use the OLED Bonnet. The OLED Bonnet powers up and displays the Lock with the "Go to trezor.io/start" text. I installed the Trezor Bridge but the raspberry pi w does not connect to the Trezor Wallet. The browser application DOES NOT detect the device. Not sure what is the problem..... Any help would be appreciated.

Also, is there a way to configure the buttons on the Bonnet OLED screen?

Yes, I plugged the usb cable into the port labeled "usb" on the pi and plugged the other end into the computer. It was not detected by the computer. At one point the computer did say "unrecognized usb", but it was not detected by the Wallet.

What operating system are you guys using? I am using Windows 10. Maybe that is the issue.... I also tried using the chrome extension, still didn't get recognized. The raspberry pi is not recognized by windows....

Windows in general can be a bit fussy with usb devices. Have you tried plugging it into a different usb port on the windows system end? (Sometimes that works as it thinks it's a new device and installs the driver.)

But you still would need to wait until Yannick releases the next image to use the buttons on your Bonnet OLED screen. If it still won't get recognized by windows let me know. -Dave

Awesome! Thanks. So, I used windows 7 and it took a while to install drivers, but it worked. The raspberry pi finally connected to the computer and connected to the website. The buttons for the OLED Bonnet work too.

I don't have the files but that would be awesome if someone could send them to me. For my version I used a standard ABS box and I cut plastic with a dremel cutting disc. My main concern with 3D files would be the buttons. Depending on the type of buttons, the position/size would not be the same. At least, Oled on the other hand are relatively standard.

Can you highlight the modifications that you made to the trezor's source code? (For security reasons, and to learn more about how to add new features to it.) I found it really hard to make a diff with the trezor repo.

Great tutorial! I was wondering if I can get some help. I am new to yocto. I am trying to understand yocto and the layers. Why did you create the meta-pitrezor layer? Could you have just built a generic raspberry pi distro and run the trezor code on it? Is that possible? I'm just trying to learn and understand. Thanks.

The meta-pitrezor layer allows me to add my port of the trezor application as part of the yocto build. It also contains the image file that lists the applications to install in the image file. This allows me to create a very small distro with only what is required to run. The layer also contains some fixes to other applications and some custom configurations to reduce the image footprint.

I think yocto was the best choice for this project. Distros for the pi like raspbian contain a lot of software not required for pitrezor because they are more desktop oriented. Using a distro like this would have implied removing or cleaning up a lot of packages. With yocto I can select what I want to be installed more granularly.

Hey, thank you for the tutorial! Unfortunately I'm having some trouble. I can get the device to show the Trezor screen on a TV connected via HDMI, but when I go to the trezor.io/start page, it never gets past asking me to connect my device to start. As a separate issue I can't seem to get the Adafruit Bonnet to work, but I think that's just my own problem with being unfamiliar with it.

Some things you could try: check with another usb cable, check with another monitor, check in system manager for the list of usb devices connected to see if it is there. You can also try to reflash the sd card with an original Pi distro like raspbian to see if it boots correctly and if you have hdmi output.

Hi friends. It's a great project, I've ordered parts and waiting for delivery. But I wanted to inform you that I am a graphic designer and a 3D designer. How will everything be made up at home, I will make a box and a public. If the interest and creator of the PiTrezor project will want, I can present myself as part of this blog. I ordered the Adafruit 128x64 OLED Bonnet. If I get in the Czech Republic, I will make a second modification. (or you can send it to me - I'll pay). Here it is just in the Czech Republic OLED model http://rpishop.cz/displeje/874-adafruit-128x32-pioled.html.

I apologize for poor English I am from the Czech Republic. My nick is MoDDO / fX - (moddo@moddo.cz)

WOW! This is awesome. I have a few Pi Zero W units laying around, so I popped in a new 2G MicroSD card and followed your tutorial. I have a couple of cheap Ebay SPI OLED (128x64 .96") also which work perfectly with the following layout. Changed the config file to use #4, with a zoom of 1.

The setup on the Trezor site was very easy, and worked perfectly using the buttons also. I have now ordered a non-wifi model of the PiZero dedicated for this purpose. I also have a 3D which I'll have to look at designing a case for this unit now. Something to hang off my car or house keys maybe.

By dumping the emulator.img file in the sd card you could retrieve the seed words that were used to generate the private keys. This is why you should always use a passphrase. The passphrase is not stored on the sd card and acts as an extra word in the conversion from the word seed list to private keys.

The protection would be limited. I'm trying to minimize the changes with the original trezor code to avoid introducing all kinds of possible errors (security, malfunction..) and to keep 100% compatibility with the online wallet. Also, all the code is open source, so anybody could review it and see how encryption is used. The passphrase could in theory be used to protect the partition that holds the flash image, but, when the online wallet is asking for it when the trezor is connected, the flash image is already loaded by the pitrezor to tell the wallet to ask for the password. This is a chicken'n'egg problem. I could solve it by breaking the flash in 2 parts (one encrypted, one not) but that would be a big change from the original code.

The pin is not a real protection because it can be extracted from a dump of the flash image. The best protection is the passphrase because it is never stored.

For the 'ultra paranoid' security conscious people, couldn't you just add passphrase protection, then remove the SD card from your Pi-Trezor, put it in your "Etcher" application and create a new image, then encrypt the image with say TrueCrypt (yes I know about its apparent flaws) and store it on a second USB drive somewhere offline, and extract the encrypted image only when needed?

Hello there! Thank you for this amazing work. Looking at build-pitrezor.sh I noticed that it is using /dev/random as a source. How safe is it? Shouldn't it use /dev/hwrng instead? https://www.raspberrypi.org/forums/viewtopic.php?t=127706

The daemon rng-tool is running as a separate process. This is the one that reads from /dev/hwrng and feeds /dev/random to keep entropy high. The kernel will mix that source of entropy with other sources. This way, reading from /dev/random cannot block because you always have the hw generator as a fallback source of entropy. It is still secure because it is not the only source and it is better than urandom because the kernel avoids the pseudo software number generator (/dev/urandom).